Prefer types to TargetAPI

Benjamin Muskalla · Benjamin Muskalla · commit b84c03672d5a · 2021-11-15T12:43:46.000+01:00
diff --git a/java/ql/src/utils/model-generator/CaptureSinkModels.ql b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
@@ -43,7 +43,7 @@ string asInputArgument(DataFlow::Node source) {
   result = "Argument[-1]"
 }
 
-string captureSink(Callable api) {
+string captureSink(TargetAPI api) {
   exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
     config.hasFlow(src, sink) and
     sinkNode(sink, kind) and
diff --git a/java/ql/src/utils/model-generator/CaptureSourceModels.ql b/java/ql/src/utils/model-generator/CaptureSourceModels.ql
@@ -21,7 +21,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(Callable c |
+    exists(TargetAPI c |
       sink instanceof ReturnNode and
       sink.getEnclosingCallable() = c and
       c.isPublic() and
@@ -34,7 +34,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
   }
 }
 
-string captureSource(Callable api) {
+string captureSource(TargetAPI api) {
   exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
     config.hasFlow(source, sink) and
     sourceNode(source, kind) and
diff --git a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -12,7 +12,7 @@ import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.InstanceAccess
 import ModelGeneratorUtils
 
-string captureFlow(Callable api) {
+string captureFlow(TargetAPI api) {
   result = captureQualifierFlow(api) or
   result = captureParameterFlowToReturnValue(api) or
   result = captureFieldFlowIn(api) or
@@ -32,7 +32,7 @@ string captureFlow(Callable api) {
  * }
  * ```
  */
-string captureQualifierFlow(Callable api) {
+string captureQualifierFlow(TargetAPI api) {
   exists(ReturnStmt rtn |
     rtn.getEnclosingCallable() = api and
     rtn.getResult().(ThisAccess).isOwnInstanceAccess()
@@ -92,7 +92,7 @@ class FieldToReturnConfig extends TaintTracking::Configuration {
  * p;Foo;true;putsTaintIntoParameter;(List);Argument[-1];Argument[0];taint
  * ```
  */
-string captureFieldFlow(Callable api) {
+string captureFieldFlow(TargetAPI api) {
   exists(FieldToReturnConfig config, ReturnNodeExt returnNodeExt |
     config.hasFlow(_, returnNodeExt) and
     returnNodeExt.getEnclosingCallable() = api and
@@ -107,7 +107,7 @@ string captureFieldFlow(Callable api) {
   )
 }
 
-string asOutput(Callable api, ReturnNodeExt node) {
+string asOutput(TargetAPI api, ReturnNodeExt node) {
   if node.getKind() instanceof ValueReturnKind
   then result = "ReturnValue"
   else
@@ -164,7 +164,7 @@ private predicate thisAccess(DataFlow::Node n) {
  * Captured Model:
  * `p;Foo;true;doSomething;(String);Argument[0];Argument[-1];taint`
  */
-string captureFieldFlowIn(Callable api) {
+string captureFieldFlowIn(TargetAPI api) {
   exists(DataFlow::Node source, ParameterToFieldConfig config |
     not api.isStatic() and
     config.hasFlow(source, _) and
@@ -179,7 +179,7 @@ class ParameterToReturnValueTaintConfig extends TaintTracking::Configuration {
   ParameterToReturnValueTaintConfig() { this = "ParameterToReturnValueTaintConfig" }
 
   override predicate isSource(DataFlow::Node source) {
-    exists(Callable api |
+    exists(TargetAPI api |
       source instanceof DataFlow::ParameterNode and
       api = source.asParameter().getCallable() and
       isRelevantType(api.getReturnType()) and
@@ -221,7 +221,7 @@ predicate paramFlowToReturnValueExists(Parameter p) {
  * p;Foo;true;returnData;;Argument[0];ReturnValue;taint
  * ```
  */
-string captureParameterFlowToReturnValue(Callable api) {
+string captureParameterFlowToReturnValue(TargetAPI api) {
   exists(Parameter p |
     p = api.getAParameter() and
     paramFlowToReturnValueExists(p)
@@ -246,7 +246,7 @@ string captureParameterFlowToReturnValue(Callable api) {
  * p;Foo;true;addToList;;Argument[0];Argument[1];taint
  * ```
  */
-string captureParameterToParameterFlow(Callable api) {
+string captureParameterToParameterFlow(TargetAPI api) {
   exists(DataFlow::ParameterNode source, DataFlow::PostUpdateNode sink |
     source.getEnclosingCallable() = api and
     sink.getPreUpdateNode().asExpr() = api.getAParameter().getAnAccess() and
diff --git a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -55,37 +55,37 @@ private predicate isJdkInternal(CompilationUnit cu) {
 }
 
 bindingset[input, output]
-string asTaintModel(Callable api, string input, string output) {
+string asTaintModel(TargetAPI api, string input, string output) {
   result = asSummaryModel(api, input, output, "taint")
 }
 
 bindingset[input, output]
-string asValueModel(Callable api, string input, string output) {
+string asValueModel(TargetAPI api, string input, string output) {
   result = asSummaryModel(api, input, output, "value")
 }
 
 bindingset[input, output, kind]
-string asSummaryModel(Callable api, string input, string output, string kind) {
+string asSummaryModel(TargetAPI api, string input, string output, string kind) {
   result =
     asPartialModel(api) + input + ";" //
       + output + ";" //
       + kind
 }
 
 bindingset[input, kind]
-string asSinkModel(Callable api, string input, string kind) {
+string asSinkModel(TargetAPI api, string input, string kind) {
   result = asPartialModel(api) + input + ";" + kind
 }
 
 bindingset[output, kind]
-string asSourceModel(Callable api, string output, string kind) {
+string asSourceModel(TargetAPI api, string output, string kind) {
   result = asPartialModel(api) + output + ";" + kind
 }
 
 /**
  * Computes the first 6 columns for CSV rows.
  */
-private string asPartialModel(Callable api) {
+private string asPartialModel(TargetAPI api) {
   result =
     typeAsSummaryModel(api) + ";" //
       + isExtensible(bestTypeForModel(api)) + ";" //
@@ -98,9 +98,9 @@ private string asPartialModel(Callable api) {
  * Returns the appropriate type name for the model. Either the type
  * declaring the method or the supertype introducing the method.
  */
-private string typeAsSummaryModel(Callable api) { result = typeAsModel(bestTypeForModel(api)) }
+private string typeAsSummaryModel(TargetAPI api) { result = typeAsModel(bestTypeForModel(api)) }
 
-private RefType bestTypeForModel(Callable api) {
+private RefType bestTypeForModel(TargetAPI api) {
   if exists(superImpl(api))
   then superImpl(api).fromSource() and result = superImpl(api).getDeclaringType()
   else result = api.getDeclaringType()

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ string asInputArgument(DataFlow::Node source) {`
`43`	`43`	`result = "Argument[-1]"`
`44`	`44`	`}`
`45`	`45`
`46`		`-string captureSink(Callable api) {`
	`46`	`+string captureSink(TargetAPI api) {`
`47`	`47`	`exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind \|`
`48`	`48`	`config.hasFlow(src, sink) and`
`49`	`49`	`sinkNode(sink, kind) and`